Phish Bowl
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.
If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center or your local departmental IT unit and reset your account password to prevent scammers from using your account.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Please follow instructions on How to Report a Phishing Scam
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.
| Date | Title | Description |
|---|---|---|
| Paycheck | Avoid mobile deposit scams. | |
| Final Report for ... | Spear phishing attempt is a carefully crafted personalized email that is usually sent with an attachment or requests a response. The fraudster then tries to entice the recipient to open the infected attachment or respond with personal information. | |
| ‘Are you busy?’, “Hi,” or “Urgent”. E-mail Scam | We have reports from faculty and staff who have been recipients of a new twist on an old e-mail scam. These phishing scams often come from a non-UCLA email address with poor spelling/grammar. | |
| Avoid Package Delivery Scams | You should never click a link or call back the number from an unexpected delivery notice. | |
| Job Scams at UCLA | UCLA Information Security Office is aware of UCLA students being targeted by fake job offer scams. Please read our recent Security Advisory regarding Job Opportunity Scams at UCLA - Department of Computer Science. |
|
| Impersonation email campaign: Send me your available cell number | Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a senior UCLA executive in a deception attempt to coerce the recipient into a response. |
|
| EVC/Provost Opportunity Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. | |
| Settings Changed Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlink. From: Microsoft Web-Team [mailto:Outlook@@ @ trx.outlok.com] Sent: Friday, January 26, 2018 4:16 AM To: Subject: settings changed Importance: High Outlook Office365 Email We detected a recent sign-in Windows device. You are getting this email to make sure it was you. To help keep you safe, we require an extra security challenge Click Here This action will take a brief period before this request takes effect This is a mandatory communication about the service. To set communication preferences for other cases. © 2018 Outlook-Corporation All Rights Reserved Terms of use Privacy & Cookies | |
| HR Team Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: [username]@ucla.edu Subject: HR Team Greetings: You have a message from the HR Department Click here to view your message Sincerely, The Human Resources Talent Acquisition Team This is an automatically generated email, please do not reply. | |
| [username]@[campus unit].ucla.edu Password Expiration Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IT Help Desk Subject: [username]@[campus unit].ucla.edu password expiration [campus unit].ucla.edu Hello [username] Password for [username]@[campus unit].ucla.edu expires today Tuesday, March 23, 2021 at 2:34 PM Keep Same Password [campus unit].ucla.edu (c) 2021 | |
| UNICEF Part-Time Job Opportunity Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: [username]@ucla.edu Subject: UNICEF PART – TIME JOB OPPORTUNITY Good Day, I am a staff hear at the institution, a professor of Medicine shared a link for students who might be interested in PAID UNICEF PART-TIME POSITION job to make up to $400 (USD) weekly. Follow the link below for more info regarding the position – CLICK HERE NOTE: THIS IS STRICTLY A WORK FROM HOME POSITION. Sincerely, Dr. Daniel Spencer | |
| Staff & Employee Benefits Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Sent: Friday, March 6, 2020 5:41 AM To: Subject: Staff & Employee Benefit All staff & employee are expected to verify their email account for new payroll directory and adjustment for the month of March benefit payment. Please kindly Click MARCH-BENEFIT and complete the required directive to avoid omission of your benefit payment for March 2020 Thank you, Help Desk. | |
| Recalculation of your Tax Refund Payment Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IRS Subject: Recalculation of your Tax Refund Payment Internal Revenue Service (IRS) Dear Applicant, After the last calculations of your annual tax refund, we have determined that you are eligible to receive an extra tax refund of 1400.00 USD Please submit the tax refund request and click here by having your tax refund sent to your account in due time. Please do not reply as the email address is not monitored for received mail. |
